Skip to Content.
Sympa Menu

discuss - RE: [opennic-discuss] iptables rules inefficient

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

RE: [opennic-discuss] iptables rules inefficient


Chronological Thread 
  • From: Éric Boucher <bouchereric0000 AT hotmail.com>
  • To: "discuss AT lists.opennicproject.org" <discuss AT lists.opennicproject.org>
  • Subject: RE: [opennic-discuss] iptables rules inefficient
  • Date: Sat, 1 Jun 2013 04:57:06 -0400
  • Importance: Normal

Great try but i think you forgot about SYNFLOOD...

- Éric

> Date: Fri, 31 May 2013 21:45:58 -0400
> From: weblionx AT gmail.com
> To: discuss AT lists.opennicproject.org
> Subject: Re: [opennic-discuss] iptables rules inefficient
>
> Has anyone ever tried using TCP only for a DNS server? I don't know
> how well clients would handle that, and I know it has some extra
> latency, but if it eliminates the ability to use it for a DDoS it
> seems like it might be something worth trying.
>
> I'm assuming that regular TCP-DNS uses one connection per query. Would
> it be possible to set it up so it kept the connection up for many
> queries, or would that require using a tunnel or rewriting software?
>
> - C
>
> On Fri, May 24, 2013 at 6:40 AM, Psilo <dns AT psilo.org> wrote:
> > Thank you Jeff for binging the conversation back to the topic.
> >
> > Eric: I am simply using the rules mentioned in the wiki pointed by Jeff.
> >
> > The IRC conversation with the guy that understands nothing to DNS
> > amplification attacks is just useless.
> >
> > Psilo
> >
> >
> > Le vendredi 24 mai 2013, Jeff Taylor a écrit :
> >
> >> We have a collection of rules posted here:
> >> http://wiki.opennicproject.org/Tier2Security
> >>
> >>
> >> On 05/23/2013 09:43 AM, Éric Boucher wrote:
> >>
> >> This is great changes... May i ask for your rules so i can add it to mine
> >> ?
> >>
> >> Thanks,
> >> Éric
> >>
> >>
> >
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org



Archive powered by MHonArc 2.6.19.

Top of Page